pwn 0.4.502 → 0.4.503

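--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8e6a9cadce0579fb5fae8d210d13e9d3be8693978ed49f309f911e21d2369465
- data.tar.gz: 25614e923ad9677ba7b281eb6efc4f1b7b5c4bd4fd7eb1d1729665c3cd8f769b
+ metadata.gz: b596bbfaab1c2c5442b6be7e46c63fa7b2d9b7c3daa370bc8cfdea68b7e0e039
+ data.tar.gz: 79137ee35bdb6a599eba227124da98567776d6dec5593f8b44681fa95f543f2f
  SHA512:
- metadata.gz: d619efe1e91a920ae8f2155ee42627668a9c61b559352e82746a2eced1472e6d5c45304729b9efce166aa0f4e23d1707bb8485903c99c1d791dca2113480b0d4
- data.tar.gz: 67e549838acfc45e4658e2bcccf030755a7bb9a12201f15fbd94503e1bcbdaa8dfbad333607a80780c462ba6485c698eda4ca272c873e110949466ccedc90901
+ metadata.gz: ac749d01182f84dc41213be5d947d7f5ed18d4b35397ebebffe470a9f7cbd175d42d6b3e36f20274bac7565348659ceca01fa21af66af934d1cc4a79263e745e
+ data.tar.gz: 2cd0bbfe6ab55336a62a878b8b55c503f345c46c5cb2b7648fc39761d45b08f045c3ff4426cc6f734350ce5ef03988e08b7125d5e18e89f888f43434ab864eeb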
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.502]:001 >>> PWN.help
40
+ pwn[v0.4.503]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.502]:001 >>> PWN.help
55
+ pwn[v0.4.503]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
@@ -91,11 +91,18 @@ begin
91
91
  # Record Call
92
92
  pid_to_kill = 0
93
93
  wav_file = "#{wav_archive}/#{target_num}-#{start_timestamp}.wav"
94
- sox_params = "-d #{wav_file} trim 0 #{seconds_to_record}"
95
94
 
96
95
  puts red
97
96
  puts "Recording Duration: #{seconds_to_record}s"
98
- system(sox_bin, sox_params)
97
+ system(
98
+ sox_bin,
99
+ '-d',
100
+ wav_file,
101
+ 'trim',
102
+ '0',
103
+ seconds_to_record.to_s
104
+ )
105
+
99
106
  puts 'Complete.'
100
107
  puts end_of_color
101
108
 
@@ -109,11 +116,27 @@ begin
109
116
 
110
117
  puts cayan
111
118
  puts 'Generating Audio Spectrogram...'
112
- sox_params = "#{wav_file} -n spectrogram -o #{wav_file}-spectrogram.png -d #{seconds_to_record}"
113
- system(sox_bin, sox_params)
119
+ system(
120
+ sox_bin,
121
+ wav_file,
122
+ '-n',
123
+ 'spectrogram',
124
+ '-o',
125
+ "#{wav_file}-spectrogram.png",
126
+ '-d',
127
+ seconds_to_record.to_s
128
+ )
129
+
114
130
  puts 'Generating Audio Waveform...'
115
- waveform_params = "-c '#FF0000' -b '#000000' -F #{wav_file} #{wav_file}-waveform.png"
116
- system(waveform_bin, waveform_params)
131
+ system(
132
+ waveform_bin,
133
+ '-c',
134
+ '#FF0000',
135
+ '-b',
136
+ '#000000',
137
+ '-F',
138
+ "#{wav_file} #{wav_file}-waveform.png"
139
+ )
117
140
  puts 'Complete.'
118
141
  puts end_of_color
119
142
 
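Review bot: In the waveform call the last argument, `"#{wav_file} #{wav_file}-waveform.png"`, is still a single argv element, so with the list form of `system` the tool receives the input and output paths joined by a space as one file name. Pass them separately: `'-F', wav_file, "#{wav_file}-waveform.png"`. The two sox calls in this file already split every parameter. The return value of all three `system` calls is discarded, so 'Complete.' is printed even when recording or rendering failed. The enclosing `begin` block starts and ends outside the hunk.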
data/bin/pwn_arachni CHANGED
@@ -117,14 +117,39 @@ begin
117
117
  end
118
118
 
119
119
  # Kick off scan as defined by pwn_arachni flags
120
- system("sudo /bin/bash --login -c \"#{arachni_cmd_str}\"")
120
+ system(
121
+ 'sudo',
122
+ '/bin/bash',
123
+ '--login',
124
+ '-c',
125
+ arachni_cmd_str
126
+ )
121
127
 
122
128
  # Report Scan Results
123
- system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip\"")
124
- system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json\"")
129
+ system(
130
+ 'sudo',
131
+ '/bin/bash',
132
+ '--login',
133
+ '-c',
134
+ "arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip"
135
+ )
136
+
137
+ system(
138
+ 'sudo',
139
+ '/bin/bash',
140
+ '--login',
141
+ '-c',
142
+ "arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json"
143
+ )
125
144
 
126
145
  # Unzip Results in Output Dir
127
- system("sudo /bin/bash --login -c \"cd #{output_dir} && unzip -o arachni_results.html.zip\"")
146
+ system(
147
+ 'sudo',
148
+ '/bin/bash',
149
+ '--login',
150
+ '-c',
151
+ "cd #{output_dir} && unzip -o arachni_results.html.zip"
152
+ )
128
153
  rescue StandardError, SystemExit, Interrupt => e
129
154
  raise e
130
155
  ensure
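Review bot: Each of these calls still hands an interpolated string to `/bin/bash --login -c` under sudo, so `arachni_cmd_str` and `output_dir` are parsed by a root shell even though `system` itself no longer spawns one; a space or shell metacharacter in the output path changes the command that runs. If the login shell is needed for its environment, keep the script text constant and pass the path as a positional parameter, e.g. `system('sudo', '/bin/bash', '--login', '-c', 'cd "$1" && unzip -o arachni_results.html.zip', 'bash', output_dir)`, or quote the value with `Shellwords.escape(output_dir)` (needs `require 'shellwords'`). How `arachni_cmd_str` is assembled is above the hunk, so the values interpolated into it need the same treatment there.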
@@ -145,5 +145,12 @@ if start_reporting_server
145
145
  end
146
146
  puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/pwn_fuzz_net_app_proto.html"
147
147
  simple_http_server_params = "-i #{listen_ip} -p #{listen_port}"
148
- system("cd #{dir_path} && pwn_simple_http_server #{simple_http_server_params}")
148
+ Dir.chdir(dir_path)
149
+ system(
150
+ 'pwn_simple_http_server',
151
+ '-i',
152
+ listen_ip,
153
+ '-p',
154
+ listen_port.to_s
155
+ )
149
156
  end
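Review bot: `Dir.chdir(dir_path)` changes the working directory of the whole script rather than only the server process, and it raises when the directory is missing where the old `cd … &&` merely failed. `system` accepts a `chdir:` option that scopes the change to the child: `system('pwn_simple_http_server', '-i', listen_ip, '-p', listen_port.to_s, chdir: dir_path)`. The same pattern is added in the data/bin/pwn_sast hunk further down. The context line `simple_http_server_params = "-i #{listen_ip} -p #{listen_port}"` is no longer used after this change and can be removed. The enclosing `if start_reporting_server` block starts outside the hunk.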
@@ -218,7 +218,15 @@ unless nmap_path == ''
218
218
  # Eyewitness Nmap XML Results
219
219
  unless eyewitness_path == ''
220
220
  print "#{@green}Eyewitness Nmap XML Results...#{@end_of_color}"
221
- system("#{eyewitness_path} -x '#{nmap_xml_results}' -d '#{output_dir}/#{nmap_target}-#{@runtime_timestamp}' --no-prompt --all-protocols")
221
+ system(
222
+ eyewitness_path,
223
+ '-x',
224
+ nmap_xml_results,
225
+ '-d',
226
+ "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}",
227
+ '--no-prompt',
228
+ '--all-protocols'
229
+ )
222
230
  end
223
231
 
224
232
  PWN::Plugins::NmapIt.parse_xml_results(xml_file: nmap_xml_results) do |xml|
data/bin/pwn_sast CHANGED
@@ -147,7 +147,7 @@ begin
147
147
 
148
148
  # Start Simple HTTP Server (If Requested)
149
149
  if start_reporting_server
150
- listen_port = Random.rand(1_025..65_535)
150
+ listen_port = Random.rand(1_025..65_535).to_s
151
151
 
152
152
  if pwn_provider == 'docker'
153
153
  listen_ip = '0.0.0.0'
@@ -156,7 +156,14 @@ begin
156
156
  end
157
157
 
158
158
  puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/pwn_scan_git_source.html"
159
- system("cd #{dir_path} && pwn_simple_http_server -i #{listen_ip} -p #{listen_port}")
159
+ Dir.chdir(dir_path)
160
+ system(
161
+ 'pwn_simple_http_server',
162
+ '-i',
163
+ listen_ip,
164
+ '-p',
165
+ listen_port
166
+ )
160
167
  end
161
168
  rescue SystemExit, Interrupt
162
169
  puts "\nGoodbye."
@@ -35,7 +35,17 @@ else
35
35
  end
36
36
 
37
37
  begin
38
- system("thin start --adapter file --address #{bind_ip} --port #{port} --threaded --debug")
38
+ system(
39
+ 'thin',
40
+ 'start',
41
+ '--adapter file',
42
+ '--address',
43
+ bind_ip,
44
+ '--port',
45
+ port.to_s,
46
+ '--threaded',
47
+ '--debug'
48
+ )
39
49
  rescue RuntimeError
40
50
  puts "WARNING: Service Already Listening on TCP #{port}..."
41
51
  port = Random.rand(1_025..65_535)
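Review bot: `'--adapter file'` is passed as one argv element, so thin receives a single string containing a space instead of the `--adapter` option followed by its value; split it like the other options: `'--adapter', 'file',`. Separately, `system` returns false or nil on failure rather than raising, so the `rescue RuntimeError` branch below is presumably not reached when the port is already in use; checking the return value, or passing `exception: true`, would make that path work. The surrounding `begin` continues past the hunk.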
@@ -8,7 +8,6 @@ module PWN
8
8
  module BusPirate
9
9
  # Supported Method Parameters::
10
10
  # PWN::Plugins::BusPirate.connect_via_screen(
11
- # screen_bin: 'optional - defaults to /usr/bin/screen'
12
11
  # block_dev: 'optional - serial block device path (defaults to /dev/ttyUSB0)'
13
12
  # )
14
13
 
@@ -17,19 +16,19 @@ module PWN
17
16
  opts[:block_dev].to_s
18
17
  )
19
18
 
20
- block_dev = '/dev/ttyUSB0' if opts[:block_dev].nil?
21
-
22
- if opts[:screen_bin].nil?
23
- screen_bin = '/usr/bin/screen'
24
- else
25
- screen_bin = opts[:screen_bin].to_s.strip.chomp.scrub
26
- end
19
+ block_dev ||= '/dev/ttyUSB0'
27
20
 
21
+ screen_bin = '/usr/bin/screen'
28
22
  raise "ERROR: #{screen_bin} not found." unless File.exist?(screen_bin)
29
23
 
30
- screen_params = "#{block_dev} 115200 8 N 1"
31
- screen_cmd = "#{screen_bin} #{screen_params}"
32
- system(screen_cmd)
24
+ system(
25
+ screen_bin,
26
+ block_dev,
27
+ '115200',
28
+ '8',
29
+ 'N',
30
+ '1'
31
+ )
33
32
  rescue StandardError => e
34
33
  raise e
35
34
  end
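Review bot: The default for `block_dev` is now applied with `block_dev ||= '/dev/ttyUSB0'`, which fires only when the variable is nil, while the RFIDler hunk further down keeps `block_dev = '/dev/ttyUSB0' if opts[:block_dev].nil?`; the two plugins should use one form. The assignment to `block_dev` starts above the hunk (only `opts[:block_dev].to_s` and the closing parenthesis are visible), so which form is right depends on whether that statement can leave an empty string: `''` is truthy and would be passed to screen as the device path. `screen_bin:` is also dropped from the accepted options and callers that still pass it are ignored silently, so a method comment such as `# screen_bin is fixed to /usr/bin/screen; opts[:screen_bin] is no longer honoured` would help.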
@@ -120,7 +119,6 @@ module PWN
120
119
  public_class_method def self.help
121
120
  puts "USAGE:
122
121
  #{self}.connect_via_screen(
123
- screen_bin: 'optional - defaults to /usr/bin/screen'
124
122
  block_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)'
125
123
  )
126
124
 
@@ -95,7 +95,11 @@ module PWN
95
95
  next if Dir.exist?(clone_dir)
96
96
 
97
97
  print "Cloning: #{clone_uri}..."
98
- system('git', 'clone', clone_uri)
98
+ system(
99
+ 'git',
100
+ 'clone',
101
+ clone_uri
102
+ )
99
103
  puts 'complete.'
100
104
  end
101
105
 
@@ -1107,31 +1107,73 @@ module PWN
1107
1107
  my_os = PWN::Plugins::DetectOS.type
1108
1108
  case my_os
1109
1109
  when :linux
1110
- ipfilter = 'sudo iptables'
1111
- chain_action = '-C'
1112
- ipfilter_rule = "OUTPUT --protocol tcp --source #{pkt.ip_saddr} --destination #{pkt.ip_daddr} --destination-port #{pkt.tcp_dst} --tcp-flags RST RST -j DROP"
1113
-
1114
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1115
-
1116
- unless system(ipfilter_cmd, out: File::NULL, err: File::NULL)
1117
- chain_action = '-A'
1118
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1119
-
1110
+ system_resp = system(
1111
+ 'sudo',
1112
+ 'iptables',
1113
+ '-C',
1114
+ 'OUTPUT',
1115
+ '--protocol',
1116
+ 'tcp',
1117
+ '--source',
1118
+ pkt.ip_saddr,
1119
+ '--destination',
1120
+ pkt.ip_daddr,
1121
+ '--destination-port',
1122
+ pkt.tcp_dst.to_s,
1123
+ '--tcp-flags',
1124
+ 'RST',
1125
+ 'RST',
1126
+ '-j',
1127
+ 'DROP',
1128
+ out: File::NULL,
1129
+ err: File::NULL
1130
+ )
1131
+
1132
+ unless system_resp
1120
1133
  puts 'Preventing kernel from misbehaving when manipulating packets.'
1121
- puts 'Creating the following iptables rule:'
1122
- puts ipfilter_cmd
1123
- system(ipfilter_cmd)
1124
-
1125
- puts "Be sure to delete iptables rule, once completed. Here's how:"
1126
- chain_action = '-D'
1127
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1128
- puts ipfilter_cmd
1134
+ system(
1135
+ 'sudo',
1136
+ 'iptables',
1137
+ '-A',
1138
+ 'OUTPUT',
1139
+ '--protocol',
1140
+ 'tcp',
1141
+ '--source',
1142
+ pkt.ip_saddr,
1143
+ '--destination',
1144
+ pkt.ip_daddr,
1145
+ '--destination-port',
1146
+ pkt.tcp_dst.to_s,
1147
+ '--tcp-flags',
1148
+ 'RST',
1149
+ 'RST',
1150
+ '-j',
1151
+ 'DROP'
1152
+ )
1129
1153
  end
1130
1154
 
1131
1155
  pkt.recalc
1132
1156
  pkt.to_w(iface)
1133
1157
 
1134
- system(ipfilter, "-D #{ipfilter_rule}")
1158
+ system(
1159
+ 'sudo',
1160
+ 'iptables',
1161
+ '-D',
1162
+ 'OUTPUT',
1163
+ '--protocol',
1164
+ 'tcp',
1165
+ '--source',
1166
+ pkt.ip_saddr,
1167
+ '--destination',
1168
+ pkt.ip_daddr,
1169
+ '--destination-port',
1170
+ pkt.tcp_dst.to_s,
1171
+ '--tcp-flags',
1172
+ 'RST',
1173
+ 'RST',
1174
+ '-j',
1175
+ 'DROP'
1176
+ )
1135
1177
  # when :osx
1136
1178
  # ipfilter = 'pfctl'
1137
1179
  # ipfilter_rule = "block out proto tcp from #{pkt.ip_saddr} to #{pkt.ip_daddr} port #{pkt.tcp_dst} flags R"
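Review bot: The `-D` call runs unconditionally and only when `pkt.to_w(iface)` returns, so an exception while sending leaves the RST DROP rule in the OUTPUT chain, and a rule that already existed before the call (the `-C` check succeeded) is deleted afterwards. The commit also removes the message that told the operator how to delete the rule by hand, so a leftover rule is now silent. Building the rule once as an array, remembering whether this call added it, and removing it in an `ensure` covers both cases and replaces the three copies of the argument list. The `case my_os` statement and its enclosing method start and end outside the hunk.

```ruby
when :linux
  rst_drop_rule = [
    'OUTPUT',
    '--protocol', 'tcp',
    '--source', pkt.ip_saddr,
    '--destination', pkt.ip_daddr,
    '--destination-port', pkt.tcp_dst.to_s,
    '--tcp-flags', 'RST', 'RST',
    '-j', 'DROP'
  ]
  rule_present = system('sudo', 'iptables', '-C', *rst_drop_rule, out: File::NULL, err: File::NULL)
  unless rule_present
    puts 'Preventing kernel from misbehaving when manipulating packets.'
    system('sudo', 'iptables', '-A', *rst_drop_rule)
  end

  begin
    pkt.recalc
    pkt.to_w(iface)
  ensure
    # Remove the rule only if this call added it, even when sending raised.
    system('sudo', 'iptables', '-D', *rst_drop_rule) unless rule_present
  end
# … unchanged: commented-out :osx branch …
```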
@@ -7,7 +7,6 @@ module PWN
7
7
  module RFIDler
8
8
  # Supported Method Parameters::
9
9
  # PWN::Plugins::RFIDler.connect_via_screen(
10
- # screen_bin: 'optional - defaults to /usr/bin/screen'
11
10
  # block_dev: 'optional - serial block device path (defaults to /dev/ttyUSB0)'
12
11
  # )
13
12
 
@@ -17,18 +16,18 @@ module PWN
17
16
  )
18
17
 
19
18
  block_dev = '/dev/ttyUSB0' if opts[:block_dev].nil?
20
-
21
- if opts[:screen_bin].nil?
22
- screen_bin = '/usr/bin/screen'
23
- else
24
- screen_bin = opts[:screen_bin].to_s.strip.chomp.scrub
25
- end
19
+ screen_bin = '/usr/bin/screen'
26
20
 
27
21
  raise "ERROR: #{screen_bin} not found." unless File.exist?(screen_bin)
28
22
 
29
- screen_params = "#{block_dev} 9600 8 N 1"
30
- screen_cmd = "#{screen_bin} #{screen_params}"
31
- system(screen_cmd)
23
+ system(
24
+ screen_bin,
25
+ block_dev,
26
+ '9600',
27
+ '8',
28
+ 'N',
29
+ '1'
30
+ )
32
31
  rescue StandardError => e
33
32
  raise e
34
33
  end
@@ -46,7 +45,6 @@ module PWN
46
45
  public_class_method def self.help
47
46
  puts "USAGE:
48
47
  #{self}.connect_via_screen(
49
- screen_bin: 'optional - defaults to /usr/bin/screen'
50
48
  block_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)'
51
49
  )
52
50
 
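--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
  
  module PWN
- VERSION = '0.4.502'
+ VERSION = '0.4.503'
  end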
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.502
4
+ version: 0.4.503
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.